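Question: My development environment produces this error when I submit a login form that uses cURL. cURL is generating this error, and I think it is related to the certificate generated for the SSL connection.
Apache CURL error SSL: CA certificate set, but certificate verification is disabled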
My development environment is:
- Mac OS X Capitan 10.11
- Apache 2.4 / PHP 7.0.12
phpinfo() reports:
- cURL: enabled / 7.50.3 / SSL: Yes / Protocols: dict, file, FTP, FTP, GOPE, HTTP, HTTPS, IMAP, / ZLib version: 1.2.5 / libSSH version: libssh2/1.4.3
- OpenSSL: enabled / Library version: OpenSSL 1.0.2h 3 May 2016 / Header version: OpenSSL 1.0.2h 3 May 2016 / openssl.cafile: (local) /usr/local/php5/ssl/certs/cacert.pem and (master) /usr/local/php5/ssl/certs/cacert.pem
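To create the SSL setup I followed this Enable SSL in Apache (OSX) article, to eliminate browser requests and to allow me to pull requested items that relate to Twitter etc., requests that require an SSL connection even in development environments.
However, PHP 5.6 is what I originally used to develop this particular project, and I recently upgraded to 7, which has now caused this error.
As for testing the certificate, in the terminal it shows the error as follows: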
echo | openssl s_client -connect localhost:443
The above command produces:
CONNECTED(00000003)
depth=0 C = AU, ST = New South Wales, L = Sydney, O = localhost, CN = localhost
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = AU, ST = New South Wales, L = Sydney, O = localhost, CN = localhost
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=AU/ST=New South Wales/L=Sydney/O=localhost/CN=localhost
i:/C=AU/ST=New South Wales/L=Sydney/O=localhost/CN=localhost
---
Server certificate
subject=/C=AU/ST=New South Wales/L=Sydney/O=localhost/CN=localhost
issuer=/C=AU/ST=New South Wales/L=Sydney/O=localhost/CN=localhost
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, B-571, 570 bits
---
SSL handshake has read 1666 bytes and written 513 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 8B39BE1C255BDD6ED6E42E85612AB24C9CD1CB2195676A2CAEA7E3FAE0E65D68
Session-ID-ctx:
Master-Key: 86DCCE7468DE39C619A64AC7C08E6F3AA55B02DC025564D4E67C7BCDDE90415D518D780FB4EEB98A69DF785ED62FFB09
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1478128414
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
DONE
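For the login page that is producing this error, I am using Auth0.com, and I refuse to change the cURL request to verifypeer = false to suppress this error, because the error clearly identifies a leak. As developers we want to replicate our development environments as closely as possible, to ensure nothing is left behind when moving to production.
Thanks, I hope I have covered everything needed here. I am not using external packages such as MAMP or XAMPP, I just upgraded the PHP7 install over the existing PHP 5.5 provided by Capitan.
Cheers!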
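Did I miss the error? You will always get an error with a self-signed certificate. – WEBjuju
Oops, good point, the PHP error: 'Fatal error: Uncaught OAuth2\Exception: SSL: CA certificate set, but certificate verification is disabled in /Users/xxx/xxx/xxx/src/vendor/adoy/oauth2/src/OAuth2/Client.php on line 473' –
Also, following the documentation for adding SSL to Apache, I never got an error. It created the crts without errors (that I know of). –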